The engineering challenges of AI agents in enterprise applications have become a focal point in the industry. Although the open-source framework OpenClaw has garnered 370,000 stars, enterprises face multiple difficulties in practical deployment, including high container costs, sharply increased failure rates, and security vulnerabilities. Alibaba Cloud has launched JVS Crew, an enterprise-grade AI agent platform featuring a "brain-body separation" architecture that runs the brain, execution environment, and memory system independently, providing three layers of security: identity wall, content wall, and execution wall. The platform has been successfully validated across industries such as finance, e-commerce, shipping, and healthcare.
Article author and source: AI World
OpenClaw, 370,000 stars. Hermes Agent, 140,000 stars in three months.
In the first half of 2026, the biggest consensus among developers worldwide is one thing: shrimp farming.
But within the company, almost everyone who was among the first to use OpenClaw experienced a moment of being proven wrong.
You trained your shrimp to fly—helping you write weekly reports, organize emails, and automatically run data. A colleague took a look and said, “This thing is useful.”
When the news reached the boss, he slammed the table and ordered everyone in the company to use it.
Then, you realize the real trouble has just begun.
A runaway task burned through the entire month’s token budget, and no one knew which shrimp was responsible; 1,000 people each raising their own shrimp, with no shared experience, and everyone starting from scratch.
Zhang Xiantao, Vice President of Alibaba Cloud Intelligence, spoke with enterprise customers and heard the same six words most often: “It works, but it’s not user-friendly.”
Beneath the hype, implementing Agent faces numerous challenges.
Old Huang also saw the same issue.
At GTC 2026, NVIDIA, in collaboration with the founder of OpenClaw, launched NemoClaw Enterprise, featuring one-click deployment and sandbox isolation.
Old Huang's exact words in his speech were that every company, every software company, needs an agent strategy.
80% of the trading fees are covered by the platform.
However, reality is leaner than slogans.
Many companies eagerly built their own systems using OpenClaw, played around for a month and a half, and returned, defeated and disheartened. The stories are all much the same.
A tech company with a highly capable in-house team decided to build it themselves, gathering a group to take direct action.
As a result, only after Skill was fully developed did we discover a critical fact: the OpenClaw architecture requires containers to be online 24/7; once they go offline, the lobster becomes disconnected and unreachable.
This means each user must permanently occupy a dedicated container.
With users numbering in the tens of millions, assigning a never-shutdown container to each one would leave anyone doing the math with a headache.
Even more exciting things are yet to come.
Tens of millions of lobsters are running independently; any user tweaking a prompt or adjusting a gateway can instantly break them.
Individually, the probability is extremely low, but once the scale increases, the failure rate immediately becomes a nightmare.
Then, at the end of March, OpenClaw’s major update suddenly dropped backward compatibility, rendering all the hard work users had put in useless—users were unable to use the platform for hours each day.
Another tech company took a more “professional” approach: they purchased Alibaba Cloud’s cloud computers and paired them with an intelligent agent management software from a well-known security company to build their own platform.
In early April, they were quite excited, believing this combination of strategies would really work.
One day, after an upgrade, all agents went offline simultaneously, and a large amount of memory was lost.
Suffered heavy losses.
This is the very real "south wall" standing in front of businesses: three towering challenges—security, stability, and engineering complexity.
OpenClaw addresses "Can agents be used?" but completely fails to answer "Will enterprises dare to use them? Can they afford them? Are they easy to use?"
At the 2026 Alibaba Cloud Summit, Alibaba Cloud unveiled the full lineup of the JVS Agent Suite: JVS Claw for individuals, JVS Crew for enterprises, and JVS Mobile for mobile devices.
Among them, JVS Crew is the enterprise-grade "lobster mass-production factory"—a fully managed, easy-to-integrate, and controllable enterprise-level Agent construction platform.
Its essence is not just another agent, but an operating system for the agent era.
When enterprises build Agents, JVS Crew handles all the most challenging tasks—multi-tenant isolation, security and compliance, cost accounting, and channel integration. You just focus on farming shrimp; everything else is taken care of.
Regarding the integration method, JVS Crew follows a "being integrated" approach.
In other words, you don’t need to discard your existing system and start over.
JVS Crew is more like a base layer that you can directly integrate into your existing app, business system, or even hardware, enabling your product to "grow" shrimp capabilities.
Popular channels like DingTalk, Feishu, Enterprise WeChat, and QQ work out of the box—set up once, and use them across all channels.
Pricing is also straightforward—no seat fees, just pay for what you use, with billing at the end of each month.
In Zhang Xiantao’s words, make it possible for every business and every user to use it confidently and affordably.
Hand-brain disconnection
Why should the shrimp be "taken apart"?
The underlying architecture supporting JVS Crew is called "Separation of Hand and Brain."
The problem with OpenClaw is that the brain, hands, and memory are all tied together, running in the same process.
It doesn’t matter for individuals, but in a company, if one link fails, the entire system has to be restarted.
Switching models requires moving the execution environment too. Want to run more instances? All layers must scale together. Change one thing, and everything else moves with it.
The JVS Crew, based on the Harness engineering philosophy, completely broke these three things apart.
The brain (Agent layer) focuses solely on thinking. The model and prompts can be swapped anytime—today use Tongyi, tomorrow switch to GPT—without needing to touch the part that does the work.
Hands-off (Environment layer)—just get it done. Each task runs in its own isolated cloud sandbox, with no interference between them.
The most impressive feature is that JVS Crew uses snapshot technology to save state—if the process is interrupted halfway, your workspace files won’t be lost, and you can resume from where you left off instead of starting over.
This "resume from breakpoint" sounds simple, but it的背后 is a complete architecture of compute-storage separation and snapshot-based recovery. When enterprises run thousands of tasks simultaneously, the state of each task must be reliably saved and restored—this is a classic hard problem in distributed systems.
The session layer, responsible for coordination, determines the sequence between the brain and the hands, tracks progress, and guides the next steps.
Each layer operates independently and can be upgraded without affecting the others. Switching models doesn’t impact the execution environment, and adding machines requires no changes to the inference logic. Scaling from 1 shrimp to 10,000 shrimps doesn’t require redesigning the architecture.
Interestingly, across the ocean, we’ve also reached the same crossroads.
In April, Anthropic launched Claude Managed Agents (CMA), initially hosting both the agent logic and execution environment on its own cloud.
But on May 19, Anthropic added self-hosted sandboxes to CMA, moving the execution layer onto enterprise-owned infrastructure while keeping orchestration in the cloud.
It’s almost the same blueprint as the “mind-body separation” approach adopted by the JVS Crew from day one.
Three layers of security: Let Xiaogan proceed, but keep it on track.
The coolest feature of shrimp is "autonomous execution"—it plans its own tasks, selects its own tools, and completes the work independently.
But from another perspective, autonomous execution means unpredictability—in a business, unpredictability can be fatal.
The JVS Crew's method involves giving the shrimp three layers of "walls."
First barrier: the identity wall.
Role-based access control (RBAC) ties permissions to roles, determining who can use which tools and view which data.
Sales staff can view customer information but cannot access financial data. Administrators configure settings centrally in the backend, eliminating the need to set them up individually.
Second, the paywall.
Each of the three stages—incoming messages, data being processed, and outgoing results—has a security checkpoint.
Input layer defends against prompt injection—malicious commands attempting to hijack the shrimp’s behavior are blocked at the door.
The processing layer automatically identifies PII-sensitive information and masks data such as ID numbers and phone numbers when encountered.
The output layer conducts compliance reviews to serve as the final safeguard, ensuring that any non-compliant content is blocked.
The third barrier: the execution wall.
Dual isolation with VM and secure containers ensures that shrimp is trapped inside the sandbox and cannot escape.
For high-risk actions like transfers or data deletion, Xia will not auto-execute after making its judgment—it will pause and wait for human approval. Let it take the lead, but at critical moments, humans have the final say.
Don't think this is unnecessary worry.
In February this year, SecurityScorecard discovered over 40,000 OpenClaw instances exposed on the public internet, one-third of which had known vulnerabilities.
The Token Security report also found that 22% of employees secretly installed OpenClaw on their company computers, without the IT department’s knowledge.
If these shrimps were running inside three walls, most safety accidents would never occur.
Make shrimp truly “effective” in the enterprise
Security is the baseline, but the baseline alone is not enough.
The JVS Crew also worked on three aspects to transform the shrimp from “able to run” to “able to fight.”
First, it's memory.
The native memory solution for OpenClaw is a MEMORY.md file, which is essentially plain text storage with limited capabilities.
Third-party plugins like Mem0 can enhance functionality, but they are still far from enterprise-grade cross-session memory management.
The JVS Crew has turned memory into a platform-level capability, divided into two layers:
- Local memory, lightweight and fast;
- Enhance memory with cloud-based vector databases that precisely retrieve relevant context from vast historical data, saving tokens and speeding up responses.
More importantly, knowledge can be shared across the team. The customer communication insights gained by Salesperson A can also be used by Salesperson B. Personal experience becomes organizational asset.
Secondly, there is the cost.
What do enterprises fear most when using agents?
Review your bill at the end of the month. Running a complex task consumes tokens rapidly and is difficult to estimate in advance.
JVS Crew implemented a four-level budgeting system—from company to department to individual to each shrimp—automatically notifying users when 80% is spent and automatically pausing spending once 100% is reached.
Display a real-time dashboard to clearly show where the money is being spent and by whom.
Finally, troubleshooting.
When something goes wrong with the shrimp, the worst part is not knowing where the problem lies.
The JVS Crew built an end-to-end traceability system that logs every step of the work process—from task assignment, execution, tools used, to results returned—enabling full end-to-end traceability. Bugs can be located in seconds without relying on random log searches.
Someone has already gotten started.
In less than two months since its commercial launch, JVS Crew has already been adopted by companies across several industries.
Da Zhi Hui integrated it as an AI investment research assistant into its app and launched it within two weeks. User retention doubled, and cloud costs were halved.
Yiwu Small Commodities Market integrated it into the "World Yiwu" app, enabling AI to automatically generate viral content strategies and optimize multilingual ad copy. Similarly, within two weeks, operational efficiency increased fivefold.
COSCO Shipping Technology built a platform called Hi-Dolphin, an agent matrix that covers global shipping information distribution. The deployment efficiency of agents has increased tenfold.
Shanghai Yimi developed intelligent assistants for four scenarios—medical literature, drug instructions, medical translation, and medical records—and completed integration within two weeks, supporting over 100 complex tasks running simultaneously and reducing review time by half.
Four industries, four strategies. Implementation cycles are measured in weeks.
The second half of AI
Now, the bottleneck for the agent has changed.
This time last year, everyone was still discussing whether the models were smart enough.
This year, industry consensus has quietly shifted to another question: how to build the engineering foundation.
The model has become smart enough to warrant serious consideration. And taking a shrimp seriously means equipping it with water, electricity, gas, access control, fire safety, and property management.
A bungalow and a skyscraper use completely different foundations and utility systems. You can't stack a thousand bungalows on top of each other and call it a skyscraper.
Looking further ahead, as code costs approach zero, the product’s inherent moat begins to erode.
SaaS is spreading toward agents, and agents are sinking into infrastructure.
The smartest shrimp will be remembered. But what ultimately remains is the most stable factory.